Part 2 Flashcards
What is “direct evidence”?
Evidence that proves a fact on its own, without needing an inference; the classic form is oral testimony from a witness who saw the event.
What is “documentary evidence”?
Written or recorded material: business records, contracts, printouts, logs, manuals, and similar documents.
What are 3 rules for evidence?
1) Best evidence rule: the court prefers original documents over copies.
2) The exclusionary rule: evidence collected in violation of the 4th Amendment (unreasonable search and seizure) is not admissible.
3) The hearsay rule: second-hand evidence (a statement made outside court and repeated by someone else) is generally not admissible. Computer-generated records can be treated as hearsay too; they are usually admitted under the business-records exception, which requires showing they were produced and kept in the normal course of operations.
What is “image capturing?”
Imaging a system (capturing a complete copy of its storage) is a very effective way of preserving evidence: analysis is then done on the copy and the original is left untouched.
What is a “forensic copy”?
It is a bitwise (sector-by-sector) copy of the original medium, including unallocated space, that includes an integrity check in the form of a cryptographic hash.
Hashing tools and algorithms (SHA-256 today; MD5 still appears in older tooling but is not collision resistant) create message digests that show that a copy is equivalent to the original and has not been altered.
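The imaging and forensic-copy cards above describe a bitwise copy protected by a hash. The following is an added example, not code from the original flashcards, showing the mechanism end to end: the source is hashed as it is read, the finished copy is re-hashed, and a later single-byte change is caught by re-verification. The "disk" is a constructed temporary file standing in for a block device; on a real acquisition the source would be opened through a hardware or software write blocker, which this example does not model.

```python
"""Added example (not from the original flashcards): a hash-verified bitwise copy,
the core of what a forensic imaging tool does. Constructed data only."""
import hashlib
import os
import tempfile

CHUNK = 1 << 16  # 64 KiB per read; memory stays flat however large the image is


def sha256_file(path: str) -> str:
    """Message digest of a whole file, computed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def forensic_copy(src: str, dst: str) -> dict:
    """Bitwise copy of src to dst, hashing the source bytes as they are read.

    Two digests are recorded: the source, taken from the bytes as acquired, and
    the finished copy, re-read from disk. A mismatch between them means the copy
    is bad (truncated write, faulty medium); a later mismatch between either
    value and a fresh hash means the evidence was altered after acquisition.
    """
    h = hashlib.sha256()
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        for block in iter(lambda: fin.read(CHUNK), b""):
            h.update(block)
            fout.write(block)
    return {"source": h.hexdigest(), "copy": sha256_file(dst)}


def verify_copy(record: dict, path: str) -> bool:
    """Re-hash a stored copy and compare it with the digest recorded at acquisition."""
    return sha256_file(path) == record["copy"]


def demo() -> dict:
    """Image a constructed 'disk', verify the copy, then show one flipped byte failing."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "disk.raw")
        dst = os.path.join(d, "disk_copy.raw")
        # Constructed sample bytes standing in for a block device.
        with open(src, "wb") as f:
            f.write(b"\x00" * 4096 + b"fake partition table" + os.urandom(200_000))
        record = forensic_copy(src, dst)
        ok_before = record["source"] == record["copy"] and verify_copy(record, dst)
        # Tamper with a single byte of the copy: verification must now fail.
        with open(dst, "r+b") as f:
            f.seek(5000)
            original = f.read(1)
            f.seek(5000)
            f.write(bytes([original[0] ^ 0x01]))
        ok_after = verify_copy(record, dst)
    return {"matches_before_tamper": ok_before, "matches_after_tamper": ok_after}


if __name__ == "__main__":
    print(demo())
```

The digests in `record` are what goes into the chain-of-custody paperwork; every analyst who later opens the copy re-runs `verify_copy` before and after their work.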
What is “time offset”?
This is the time difference between the clocks of two computers that are not synchronized. A forensic timeline has to record each source's offset from a reference clock (normally UTC) and correct for it, or events from different machines will be ordered wrongly.
What is “preservation of evidence”?
This is the process of making sure that evidence is acquired, identified, protected from tampering, transported, and stored properly. Digital copies can be altered without leaving any record of the change.
Safeguards against manipulation, whether intentional or accidental, are therefore needed: write blockers during acquisition, a documented chain of custody, and hashes taken at collection time, which validate every later copy of the evidence.
What is the “recovery of evidence”?
This is determining which information is relevant and then retrieving it from the preserved evidence.
What is “strategic information gathering”?
This is the use of all resources to make decisions. This is limited to the management level.
What is “counterintelligence collection”?
This is the collection of information about another entity's intelligence effort directed against you, so that it can be countered.
What are “Standard Operating Procedures (SOPs)”?
These are step-by-step directions on how to implement policies within an organization. They sit below standards:
1) A policy states what must be done.
2) Standards are the mandatory elements for the implementation of a policy.
3) Procedures (SOPs) describe how to carry the policy out in practice.
What are “Business Partnership Agreements (BPAs)”?
They are legal agreements between business partners that outline the terms, conditions, and expectations of the partnership.
What are “service level agreements (SLA)”?
These are negotiated agreements between a customer and a service provider that outline service expectations. They usually describe measurable technical metrics (uptime, response time, time to resolve) and the consequences of missing them.
What is an “interconnection security agreement (ISA)”?
It is a specialized agreement between organizations that have interconnected IT systems. ISAs document the security requirements that arise from such connections.
What are “Memorandums of Understanding (MOU)”?
These are documents that describe a bilateral agreement between parties that have some kind of shared goal. An MOU is typically less formal than a contract and may not be legally enforceable.
What are “non-disclosure agreements (NDAs)”?
These are confidentiality agreements between a company and its staff (or third parties) that define which corporate material is considered secret and prohibit its disclosure to unauthorized parties.
What are “Acceptable Use Policies (AUPs)”?
These are documents that describe what your organization considers appropriate use of its resources. This includes computer systems, email, the internet, and networks. The goal is to enable normal business productivity while limiting inappropriate use.
What are “workplace policies”?
These are policies that help the organization run better by providing rules that help people work together and allow adherence to standard operating procedures.
What is “onboarding”?
This is the process of bringing a new employee into the organization: creating accounts with the access their role requires, issuing equipment, and training them on workplace and security policies (including signing the AUP and NDA).
What is “offboarding”?
This is the process of removing an employee from the organization: disabling accounts, revoking credentials and badges, recovering equipment and data, and reminding them of their NDA obligations.
What are “data owner” roles responsible for?
Data ownership is a business function: the data owner sets the requirements for security, privacy, retention, and other handling of the data.
What are “system administrator” roles responsible for?
These are administrative users responsible for keeping a system within the defined requirements. They do not create the requirements; they implement and enforce them.
What are “users”?
These are ordinary users who have limited access and privileges, depending on their role and work activities.
What are “privileged users”?
These users have more access than ordinary users.
What is an “executive user”?
This is a special subcategory of user. Often these are people who do not need a high level of access but are given it because of status, which makes them natural targets of phishing (whaling) attacks.
What is “risk management”? What is the importance of it?
The process of identifying, evaluating, and controlling threats to an organization’s capital and earnings. It enables organizations to try to prepare for the unexpected by minimizing additional risks and costs before they occur.
This allows companies to maximize their return on investment so that they can make more money.
What is “PII”?
Personally identifiable information: any data that can identify an individual (name, address, national ID number, biometric data), whether it belongs to a customer, an employee, or anyone else.
What are 5 important benefits of risk management?
1) Create a safe workplace for all staff and customers.
2) Save on unnecessary insurance premiums.
3) Reduce legal liability.
4) Protecting all persons and property involved from possible harm.
5) Provides protection against damaging events for both the company and the environment.
What are 5 possible impacts when a company has poor risk management policies?
1) Death or injury to 3rd parties.
2) Property damage, including to commercial property, third-party property, or the environment.
3) Security, or lack there of.
4) Finance. Everything costs money.
5) Reputation. Security risks can damage the ability of a company to make money.
What is “availability?”
The proportion of time a system is able to perform its intended function, measured as uptime ÷ (uptime + downtime), or equivalently MTBF ÷ (MTBF + MTTR).
What is “reliability”?
This is a measure of how infrequently a system fails; MTBF is the usual metric for it.
What is “RTO”?
Recovery Time Objective.
The target time within which operations must be resumed after an incident.
What is “RPO”?
Recovery Point Objective.
The maximum acceptable amount of data loss, expressed as a period of time (an RPO of one hour means at most one hour of work may be lost).
Data loss is what distinguishes RPO from RTO. RPO drives backup frequency: backups must be taken at least as often as the RPO.
What is “MTTR”?
Mean Time To Repair.
The average time it takes to repair a fault: total downtime divided by the number of failures.
What is “MTBF”?
Mean Time Between Failures.
The average operating time between failures: total uptime divided by the number of failures.
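The availability, reliability, MTTR and MTBF cards above are all computed from the same two numbers, uptime and downtime. The following is an added example, not from the original flashcards, that derives all of them from a constructed outage log and then cross-checks availability against MTBF ÷ (MTBF + MTTR). The outage timestamps and the 30-day observation window are made up.

```python
"""Added example (not from the original flashcards): MTTR, MTBF and availability
derived from a constructed outage log for one system."""
from datetime import datetime

# Constructed outage records (start, end) for a 30-day observation window.
OUTAGES = [
    ("2024-03-02 01:10", "2024-03-02 01:40"),  # 30 minutes
    ("2024-03-11 14:00", "2024-03-11 16:00"),  # 2 hours
    ("2024-03-25 09:05", "2024-03-25 09:35"),  # 30 minutes
]
WINDOW = ("2024-03-01 00:00", "2024-03-31 00:00")  # 720 hours
HOURS_PER_YEAR = 8760


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def reliability_metrics(outages, window) -> dict:
    """Compute MTTR and MTBF (hours) and availability over the window.

    MTTR = total downtime / number of failures
    MTBF = total uptime / number of failures  (mean operating time between failures)
    availability = uptime / (uptime + downtime)
    Outages are clipped to the window so partial overlaps are not over-counted.
    """
    w_start, w_end = _ts(window[0]), _ts(window[1])
    total_hours = (w_end - w_start).total_seconds() / 3600
    down_hours = 0.0
    failures = 0
    for start, end in outages:
        s, e = max(_ts(start), w_start), min(_ts(end), w_end)
        if e <= s:
            continue  # entirely outside the window
        failures += 1
        down_hours += (e - s).total_seconds() / 3600
    up_hours = total_hours - down_hours
    if failures == 0:
        return {"mttr_hours": 0.0, "mtbf_hours": float("inf"), "availability": 1.0,
                "expected_downtime_hours_per_year": 0.0}
    availability = up_hours / total_hours
    return {
        "mttr_hours": down_hours / failures,
        "mtbf_hours": up_hours / failures,
        "availability": availability,
        # What this availability means over a year, for comparison with an SLA.
        "expected_downtime_hours_per_year": (1 - availability) * HOURS_PER_YEAR,
    }


def availability_from_mtbf_mttr(mtbf_hours: float, mttr_hours: float) -> float:
    """The same availability figure from the two summary metrics alone."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


if __name__ == "__main__":
    m = reliability_metrics(OUTAGES, WINDOW)
    print(m)
    print("cross-check:", availability_from_mtbf_mttr(m["mtbf_hours"], m["mttr_hours"]))
```

With these constructed outages the system was down 3 hours out of 720, so MTTR is 1 hour, MTBF is 239 hours and availability is 717/720 (about 99.58 %), which is roughly 36.5 hours of downtime a year; that is the figure to hold against an SLA's promised uptime.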
What are “mission-essential functions”?
These are essential functions that MUST occur for business operations.
What is “critical systems identification”?
This is identifying the data and systems that support mission essential functions.
What is “PIA”?
Privacy Impact Assessment.
This is an analysis of how a system collects, uses, shares, and protects personal information, identifying the gap between the required and the actual privacy protections.
What is “threat assessment”?
This is a structured analysis of the threats that a company faces. We can’t change the threats, only the way they affect us.
What are the 4 types of system threats?
1) Environmental: weather, lightning, storms, solar flares, etc.
2) Man-made: Hostile attacks or accidents by staff.
3) Insiders: Disgruntled or well-meaning employees who make a mistake that inadvertently harms the organization.
4) External: A threat outside the organization, attacking it.
What is “SLE”?
Single Loss Expectancy.
This is the value of the loss expected from a single event: the asset value multiplied by the exposure factor (the fraction of the asset lost in that event).
What is “ARO”?
Annualized Rate of Occurrence: how many times per year we expect the event to happen.
What are the 4 possible risk responses?
1) Avoid the risk by eliminating or minimizing exposure.
2) Transfer the risk to another party, through insurance or outsourcing.
3) Mitigate the risk by applying controls that reduce its likelihood or impact.
4) Accept the risk, documenting the decision, when the cost of treating it exceeds the expected loss.
What are “deterrent controls”?
These are controls that discourage an attacker by reducing the likelihood of success from their point of view, such as warning banners and visible cameras.
What are “compensating controls”?
These controls are used to meet a requirement when the threat cannot be addressed directly with the prescribed control.
What are “preventive controls”?
These stop a specific action from being performed; firewalls and mantraps are examples.
What are “technical controls”?
These involve the use of some form of technology to address security problems, such as biometrics.
What are “detective controls”?
These are controls that help detect intrusions or attacks, such as intrusion detection systems and log review.
What are “physical controls”?
These prevent specific physical actions from occurring, such as locks, fences, and guards.
What are “corrective controls”?
These are used after the event and help minimize the extent of the damage, such as restoring from backup.
What are “administrative controls”?
These are procedures or policies used to limit security risks.
What is BIA?
Business Impact Analysis.
This is the process of determining the source and relative values of the risk elements in a process. It also describes how the loss of any critical function would affect the organization.
What is ALE?
Annualized Loss Expectancy: the SLE multiplied by the ARO, i.e. the expected loss per year from that risk.
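The SLE, ARO, ALE and risk-response cards above are one calculation, and its purpose is the decision at the end: is a control worth its annual cost, or should the risk be accepted? The following is an added example, not from the original flashcards, that carries the arithmetic through for a constructed scenario and ranks candidate controls by net benefit. The exposure factor (EF) is the standard companion term to SLE (SLE = AV × EF) and is assumed here; all asset values, rates and control costs are made up.

```python
"""Added example (not from the original flashcards): quantitative risk analysis with
SLE, ARO and ALE, then the cost/benefit of candidate controls. All figures constructed."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # AV: what the asset is worth (currency units)
    exposure_factor: float  # EF: fraction of AV lost in one event, 0..1
    aro: float              # ARO: expected events per year

    @property
    def sle(self) -> float:
        return self.asset_value * self.exposure_factor  # SLE = AV x EF

    @property
    def ale(self) -> float:
        return self.sle * self.aro                      # ALE = SLE x ARO


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    aro_multiplier: float = 1.0  # 0.5 = halves how often the event happens
    ef_multiplier: float = 1.0   # 0.2 = each event now loses 20 % of what it did


def apply_control(risk: Risk, control: Control) -> Risk:
    """Residual risk after the control: ARO and EF scaled by the control's effect."""
    return replace(risk, aro=risk.aro * control.aro_multiplier,
                   exposure_factor=risk.exposure_factor * control.ef_multiplier)


def net_benefit(risk: Risk, control: Control) -> float:
    """(ALE before - ALE after) - annual cost. Positive means the control pays for itself."""
    return risk.ale - apply_control(risk, control).ale - control.annual_cost


def choose_response(risk: Risk, controls: list) -> tuple:
    """Mitigate with the control of highest positive net benefit, else accept the risk."""
    ranked = sorted(controls, key=lambda c: net_benefit(risk, c), reverse=True)
    if ranked and net_benefit(risk, ranked[0]) > 0:
        return ("mitigate", ranked[0].name, net_benefit(risk, ranked[0]))
    return ("accept", None, 0.0)


# Constructed scenario: ransomware on a file server.
RANSOMWARE = Risk("ransomware on file server", asset_value=400_000,
                  exposure_factor=0.5, aro=0.2)
CANDIDATES = [
    Control("offline backups", annual_cost=8_000, ef_multiplier=0.2),     # events still happen, cost far less
    Control("EDR on every host", annual_cost=30_000, aro_multiplier=0.5),  # halves the rate
    Control("awareness training", annual_cost=5_000, aro_multiplier=0.8),
]

if __name__ == "__main__":
    print(f"SLE={RANSOMWARE.sle:,.0f}  ALE={RANSOMWARE.ale:,.0f}")
    for c in CANDIDATES:
        print(f"{c.name:20} net benefit {net_benefit(RANSOMWARE, c):>10,.0f}")
    print(choose_response(RANSOMWARE, CANDIDATES))
```

In this scenario SLE is 200,000 and ALE is 40,000 per year. Offline backups cut the ALE to 8,000 for a cost of 8,000 (net benefit 24,000), awareness training barely pays for itself, and the EDR rollout as priced costs more than the loss it prevents, so it would be a candidate for acceptance or for a cheaper deployment rather than purchase on these numbers.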
What is “OT”
Operational technology.
What is “Dd”?
Data domain.
What are “SSAE” and “SOC”?
Statement on Standards for Attestation Engagements (the AICPA auditing standard, currently SSAE 18) and System and Organization Controls (the SOC 1, 2 and 3 reports produced by audits performed under it).
What is “DMARC”?
Domain-based Message Authentication, Reporting, and Conformance, or DMARC, is a technical standard that helps protect email senders and recipients from spam, spoofing, and phishing. It builds on SPF and DKIM: the domain owner publishes a DNS TXT record stating what receivers should do with mail that fails authentication (none, quarantine or reject) and where to send reports.
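A DMARC policy only protects a domain if the published record actually enforces something, and a common finding in assessments is a record stuck at p=none. The following is an added example, not from the original flashcards, that parses a DMARC TXT record using the tag syntax of RFC 7489 (v=, p=, sp=, pct=, adkim=, aspf=, rua= and their defaults) and reports the weaknesses a reviewer would flag. The sample records are constructed; the code does not look up DNS or evaluate real mail.

```python
"""Added example (not from the original flashcards): parse and sanity-check a DMARC
TXT record using the tag syntax from RFC 7489. Sample records are constructed."""

POLICIES = {"none", "quarantine", "reject"}
ALIGNMENT = {"r", "s"}  # relaxed / strict identifier alignment
DEFAULTS = {"adkim": "r", "aspf": "r", "pct": "100", "fo": "0", "rf": "afrf", "ri": "86400"}


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict, apply RFC defaults and validate."""
    pairs = []
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing semicolon
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        tag, value = (s.strip() for s in part.split("=", 1))
        pairs.append((tag, value))
    if not pairs or pairs[0] != ("v", "DMARC1"):
        raise ValueError("record must begin with v=DMARC1")
    tags = dict(pairs)
    if tags.get("p") not in POLICIES:
        raise ValueError("p= is required and must be none, quarantine or reject")
    for tag, default in DEFAULTS.items():
        tags.setdefault(tag, default)
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to the domain policy
    if tags["sp"] not in POLICIES:
        raise ValueError("sp= must be none, quarantine or reject")
    if tags["adkim"] not in ALIGNMENT or tags["aspf"] not in ALIGNMENT:
        raise ValueError("adkim= and aspf= must be r or s")
    if not tags["pct"].isdigit() or not 0 <= int(tags["pct"]) <= 100:
        raise ValueError("pct= must be an integer 0..100")
    return tags


def assess(record: str) -> list:
    """Findings a reviewer would raise about the record's real protective effect."""
    t = parse_dmarc(record)
    findings = []
    if t["p"] == "none":
        findings.append("p=none: failing mail is only reported, never quarantined or rejected")
    if int(t["pct"]) < 100:
        findings.append(f"pct={t['pct']}: the policy is applied to only that share of failing mail")
    if t["sp"] == "none" and t["p"] != "none":
        findings.append("sp=none: mail spoofing subdomains is still delivered")
    if "rua" not in t:
        findings.append("no rua=: aggregate reports are not received, so failures stay invisible")
    return findings


# Constructed records: one monitoring-only, one enforcing.
MONITOR_ONLY = "v=DMARC1; p=none; pct=50"
ENFORCING = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    for rec in (MONITOR_ONLY, ENFORCING):
        print(rec, "->", assess(rec) or ["no findings"])
```

A record that parses cleanly but yields findings (p=none, a low pct, or no rua) is one that has been "deployed" without ever reaching enforcement; the usual path is p=none with reporting first, then quarantine with a rising pct, then reject.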
What is a “captive portal”?
A web page that the user of a public-access network is obliged to view and interact with (accepting terms, logging in, or paying) before network access is granted.
What is a “LAMP server”?
A server running the LAMP stack: Linux, Apache, MySQL (or MariaDB), and PHP (or Perl/Python). It is used for backend, server-side development; a backend application is software that runs in an environment hidden from end users.
What is “OAuth”? What version is currently in use?
OAuth 2.0 (“Open Authorization”) is a standard designed to allow a website or application to access resources hosted by other web apps on behalf of a user, without the user handing over their password. It replaced OAuth 1.0 in 2012 and is now the de facto industry standard for online authorization. It is a delegated authorization framework, not an authentication protocol; OpenID Connect layers authentication on top of it.
What is “PAM”?
Privileged Access Management (PAM) is an information security (infosec) mechanism that safeguards identities with special access or capabilities beyond regular users. Like all other infosec solutions, PAM works through a combination of people, processes and technology.
What is “vulnerability scanning”?
Vulnerability scanning uses a software- or hardware-based scanner to locate weaknesses in systems and applications that known attack vectors can exploit. In application code such weaknesses are typically the result of unvalidated input, so scanners probe the target with crafted inputs and observe how it responds.
What is “GDPR”?
The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. The GDPR is an important component of EU privacy law and of human rights law, in particular Article 8 of the Charter of Fundamental Rights of the European Union.
What can “vulnerability scanning detect”?
A vulnerability scan detects and classifies weaknesses in computers, networks and communications equipment and assesses the effectiveness of existing countermeasures. A scan may be performed by an organization’s IT department or by a security service provider, possibly as a condition imposed by some authority such as a regulator or a contract.